瑞星卡卡安全论坛

版主或哪位高手教下这个木马怎么杀啊，

请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

谢谢无邪!!!已经照你的方法去做了，下面是帖图!!!麻烦你了
2006-09-11,22:03:25

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <High Definition Audio Property Page Shortcut><HDAShCut.exe>  [Windows (R) Server 2003 DDK provider]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <OESpamTest><C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE>  [Ashmanov & Partners]
    <Alcmtr><ALCMTR.EXE>  [Realtek Semiconductor Corp.]
    <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务
[kavsvc / kavsvc]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Windows User Mode Driver Framework / UMWdf]
  <><N/A>

==================================
浏览器加载项
[江民在线杀毒]
  {06926B30-424E-4f1c-8EE3-543CD96573DC} <http://online.jiangmin.com/online.asp, N/A>
[JUJU猫]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\腾迅QQ\QQ\QQIEHelper.dll, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, N/A>
[PowerList Control]
  {20C2C286-BDE8-441B-B73D-AFA22D914DA5} <C:\DOCUME~1\ADMINI~1\APPLIC~1\ppStream\100~1.139\POWERL~1.OCX, PPStream.com>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[IExpress]
  {27E96DE0-8211-42CF-9A1E-FA6246A95B77} <C:\WINDOWS\system32\iexpress.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\腾迅QQ\QQ\QQIEHelper.dll, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\DOCUME~1\ADMINI~1\APPLIC~1\ppStream\100~1.139\POWERP~1.DLL, PPStream Inc.>
[KvScan Control]
  {626AEE7D-DC95-4405-8F9E-9FB1EA80AEDE} <C:\WINDOWS\KVSCAN~1\KvKill.ocx, jiangmin>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\腾迅QQ\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\腾迅QQ\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\腾迅QQ\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\腾迅QQ\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 652][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 700][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 768][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 780][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 932][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 996][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1092][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1128][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1232][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1528][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.7801>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.7801>
    [C:\WINDOWS\system32\nvshell.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\shellex.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\PROGRA~1\ftc\Commenu.dll]  <Fygsoft and Microsoft><3.0.0.63>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\scrchpg.dll]  <Kaspersky Lab><5.0.1.18>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\scrch_ag.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\FSSync.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\pr_rmt.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\ccclient.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\klipc.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\KLUtil.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\rpt.dll]  <Kaspersky Lab><5.0.383.2>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\CCIFACE.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\prloader.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\prkernel.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\prstring.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\pr_srv.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\pr_clnt.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\tempfile.ppl]  <Kaspersky Lab><5.0.383.0>
[PID: 1660][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1860][C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE]  <Ashmanov & Partners><1.1.50.0>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
[PID: 1892][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
[PID: 144][C:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.7801>
[PID: 1180][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1444][C:\WINDOWS\system32\conime.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
[PID: 2308][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\scrchpg.dll]  <Kaspersky Lab><5.0.1.18>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\scrch_ag.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\FSSync.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\pr_rmt.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\ccclient.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\klipc.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\KLUtil.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\rpt.dll]  <Kaspersky Lab><5.0.383.2>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\CCIFACE.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\prloader.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\prkernel.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\prstring.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\pr_srv.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\pr_clnt.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\tempfile.ppl]  <Kaspersky Lab><5.0.383.0>
    [C:\WINDOWS\system32\CHENHU4.IME]  <chenhu><5.4>
    [C:\WINDOWS\system32\Macromed\Flash\Flash.ocx]  <Macromedia, Inc.><6,0,84,0>
[PID: 3168][G:\新建文件夹 (7)\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

全部帖好了，没改过，麻烦无邪!!!

无邪!!!这个我是用木马清道夫扫出来的，之前用过瑞星和江民在线查毒都没查出有这个木马，卡巴也查不出，下面帖张扫出来的图给你看下

附件: 7481092006911222301.jpg

无邪帮忙看下啊!!!谢谢

用SREng在“系统修复”-“浏览器加载项”中删除以下项目：
[IExpress]
{27E96DE0-8211-42CF-9A1E-FA6246A95B77} <C:\WINDOWS\system32\iexpress.dll, N/A>

重启后删除C:\WINDOWS\system32\iexpress.dll

[Windows User Mode Driver Framework / UMWdf]
<><N/A>
系统服务对应文件丢失？

至于那个木马，关闭系统还原后再打开，就没了。

非常感谢小聪!!!现在已经照你的方法去做了。
昨晚胡乱弄了下，在注册表里找到了：Trojan.Agent117697.e  已经删除了。我也不懂，麻烦你有空帮忙看下!!谢谢。系统还原现在已经关闭了。没必要再打开了吧？

2006-09-12,18:43:17

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <High Definition Audio Property Page Shortcut><HDAShCut.exe>  [Windows (R) Server 2003 DDK provider]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <OESpamTest><C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE>  [Ashmanov & Partners]
    <Alcmtr><ALCMTR.EXE>  [Realtek Semiconductor Corp.]
    <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务
[kavsvc / kavsvc]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Windows User Mode Driver Framework / UMWdf]
  <><N/A>

==================================
浏览器加载项
[江民在线杀毒]
  {06926B30-424E-4f1c-8EE3-543CD96573DC} <http://online.jiangmin.com/online.asp, N/A>
[JUJU猫]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\腾迅QQ\QQ\QQIEHelper.dll, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, N/A>
[PowerList Control]
  {20C2C286-BDE8-441B-B73D-AFA22D914DA5} <C:\DOCUME~1\ADMINI~1\APPLIC~1\ppStream\100~1.139\POWERL~1.OCX, PPStream.com>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\腾迅QQ\QQ\QQIEHelper.dll, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\DOCUME~1\ADMINI~1\APPLIC~1\ppStream\100~1.139\POWERP~1.DLL, PPStream Inc.>
[KvScan Control]
  {626AEE7D-DC95-4405-8F9E-9FB1EA80AEDE} <C:\WINDOWS\KVSCAN~1\KvKill.ocx, jiangmin>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\腾迅QQ\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\腾迅QQ\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\腾迅QQ\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\腾迅QQ\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 652][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 700][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 768][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 780][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 932][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 996][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1084][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1128][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1212][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1488][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.7801>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.7801>
    [C:\WINDOWS\system32\nvshell.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\shellex.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\PROGRA~1\ftc\Commenu.dll]  <Fygsoft and Microsoft><3.0.0.63>
[PID: 1644][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1872][C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE]  <Ashmanov & Partners><1.1.50.0>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
[PID: 1896][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
[PID: 2016][C:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.7801>
[PID: 1172][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1484][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1824][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\scrchpg.dll]  <Kaspersky Lab><5.0.1.18>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\scrch_ag.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\FSSync.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\pr_rmt.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\ccclient.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\klipc.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\KLUtil.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\rpt.dll]  <Kaspersky Lab><5.0.383.2>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\CCIFACE.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\prloader.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\prkernel.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\prstring.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\pr_srv.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\pr_clnt.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\tempfile.ppl]  <Kaspersky Lab><5.0.383.0>
    [C:\WINDOWS\system32\Macromed\Flash\Flash.ocx]  <Macromedia, Inc.><6,0,84,0>
[PID: 512][G:\新建文件夹 (7)\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

看不出问题了，你有什么异常没
打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务Windows User Mode Driver Framework ，选择“删除服务”点“设置”选择“否”

瑞星直接杀不行吗

引用:

【我无邪的贴子】看不出问题了，你有什么异常没 打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务Windows User Mode Driver Framework ，选择“删除服务”点“设置”选择“否” ………………

谢谢!!!已经按你说的删除了!!我是看不出有什么异常。CPU使用正常。进程也没什么。那些问题都是木马清道夫扫描出来的。今天扫几次都没有问题了